|
RapierFugue -> RE: We are not alone..... (8/1/2011 2:56:35 AM)
|
quote:
ORIGINAL: Termyn8or
Actualy it doesn't really matter. Someone picks up your wifi and uses it, other than the bandwidth issue they generally are not getting to your files any sooner than anyone else on the net. Really.
Now if they send an email threatening the President, you will have a knock at the door, but once they see that none of your PCs were used to send it, they will leave you alone. They might even advise you to secure your system, but not just yet. Not until they catch the guy.
Every modem, router, nic and PC has a unique ID. If I took my laptop to Starbucks and threatened the President, Starbucks wouldn't be in trouble, they would be looking for my laptop. The possesion of it is the problem, not the means of connecting.
Not true in the UK, and I'm fairly sure not true in the US either. The relevant Acts have passages which relate to "control of use", meaning that the "owner" of the network (most usually, but not always, the bill payer) has an obligation to ensure their network is "not utilised for the purpose of unauthorised transmissions" (the wording under the UK's Computer Misuse Act, though likely to be worded differently in the US), and it also references the use of your network for the purposes of transmission of illegal material.
This comes into play when dealing with the kind of evil fucktards who use hijacked computers and networks to distribute illegal materials (kiddie porn, stolen credit card lists, etc) – they will work with “clusters” of hijacked computers (until recently PCs, but there are now Trojans which leverage Macs too) to store the data on, but will (in order to cover their trail and “protect” the compromised clusters) tend to distribute that data via unsecured networks. So they operate a virtual drive that is powered by a cluster of computers scattered hither and thither, but to protect those clusters from being discovered they will move the data via one node only, on a compromised (usually unsecured) network.
The net upshot of this is that, if you're dumb enough to run an open network yourself, you're potentially going to have to prove that you had no knowledge of its use by others, defence of which pretty much guarantees you're going to have to admit running an open network. So it’s kind of catch22 – you're fucked if you do, and fucked if you don’t.
In a case here a couple of years back a guy spent a long time fighting an accusation of being a kiddie-porn distributor, and of further accepting the proceeds from sale of same (because they filtered back CC payments via his unsecured network) – it took bloody months to establish that he had nothing to do with it, and during that time he was on bail, under investigation (not a nice thing to have happen, I would imagine) and both his bank accounts and computer equipment were seized/frozen, so he was effectively fucked. Yes they did eventually establish he was innocent, but that was after something like nine months of having no income, no computer equipment nor net access (since they banned him from “communicating” via that medium, fearing he might warn others) and living under the threat of a substantial prison term. Not nice. So, in short, run an open network and you're asking for trouble.
Oh, and your “unique ID”? Infinitely spoof-able. Not easy to, but if someone wants to then they can – it’s one of the reasons why modern encryptions and network security keys have moved away from “white list” Mac address methods and towards long chain encryption keys. Even those are breakable with time and brute-force attacks – put simply, modern graphics cards are so powerful (in number of instructions per second terms) that those keys that would once have taken many thousands of years to crack through brute force are now breakable in a matter of days or, in the case of the latest cards, mere hours.
Finally, the reason Starbucks aren’t liable has nothing to do with the logging of unique IDs, as they (and others) are fully aware of the above – what protects them from nutters coming in and leveraging their Wi-Fi is the fact that a) their T&Cs state clearly that they're not liable for what you send over the networks and b) their network security disconnects anyone attempting to use their network for repeated similar-key (brute force) attempts to spoof the IDs of any of their hubs. Oh and c) any network security bod worth more than a couple of beans at the government or corporate end will simply funnel all traffic from unsecured networks into a separate system, then only allow those comms containing the corporate white-list ID through.
So, in short; secure your networks or you may end up in trouble. The chances aren’t high I grant you, but the situations I've outlined do happen, and are increasing in frequency, to the point where a recent discussion paper by one of the main security system providers admitted it was only a matter of time before an “innocent” got jailed as a result of their open network being compromised.
Oh, and those of you “borrowing” other people’s open Wi-Fi networks are committing a crime, in either the US or UK. And one for which a couple of dozen people have now (in the UK) been prosecuted, albeit with fines only for now.
|
|
|
|
